Project

General

Profile

Actions
Copy link

Bug #7725

closed
JF JF

decode/ipv4: missing ip-in-ip case handling

Bug #7725: decode/ipv4: missing ip-in-ip case handling

Added by Juliana Fajardini Reichow 12 months ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
8.0.0-rc1
Affected Versions:
7.0.10
Effort:
Difficulty:
Label:

Description

A flow with IPv4 IP in IP traffic won't handle this tunneling case properly.
This leads to potential malicious traffic not triggering alerts, as well as other
inaccuracies in the logs.

Check if this case is also missing in other scenarios.

Waiting to see if the pcap shared can be added to a public SV test.

Subtasks 1 (0 open1 closed)

Bug #7726: decode/ipv4: missing ip-in-ip case handling (7.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 2 (2 open0 closed)

Related to Suricata - Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 encapsulationFeedbackVictor JulienActions
Related to Suricata - Task #7734: decode: review if any decoders are missing for IPv4 or IPv6NewOISF DevActions
Actions
Copy link

Also available in: PDF Atom